Evolution of Identity and Its Impact
[Diagram. Populations: Employees; Employees and Partners; Consumers; Things. Environment labels: Perimeter, Federation, Perimeter-less, Cloud / SaaS, Mobility, Relationships, Attributes, Context, Stateless. Other labels: IT EFFICIENCY, IT COMPLIANCE, SECURITY, BUSINESS AGILITY, UX, API, AI.]
Source: Optiv
Enterprise Challenges
Cybersecurity is relentlessly, cumulatively challenging
Compromised identities are still the leading cause of breaches
– “The exploitation of usernames and passwords by nefarious
actors continues to be a ripe target…” ITRC 2018 End-of-Year Data
Breach Report
Single vendor approaches are not working
Identity is a critical cybersecurity technology
Foundation for a New Approach
Cybersecurity technologies must fundamentally work
together if they are to achieve meaningful effectiveness
Every business transaction, attack surface or target involves a
credential and a service or piece of data
Given the cumulative investment in security, each new
investment is increasingly measured for its ability to make
the whole more effective
Benefits of Identity Defined Security
Steers the focus away from single point defense mechanisms to include a broader set of identity and security components
Delivers a fresh, balanced set of detective and preventive controls
Enables organizations to tackle security with a more precise, identity-aware and identity-specific approach
Leverages increasingly open and API-first tech stacks
[Diagram: “Users”, Data; SECURITY, IDENTITY; CONTEXT, RISK, POLICY, WORKFLOW; Network, “Client”, “Service”; Identity Service x..., Identity Service y..., Security Service x..., Security Service y...]
Customer Advisory Board
Membership
The Identity Defined Security Alliance is a non-profit organization that
facilitates community collaboration to develop a framework and
practical guidance that helps organizations put
identity at the center of their security strategy.
Deliver on our mission through…
Cross vendor collaboration
Thought leadership through blogs, webinars, speaking
Identity Centric Security Framework - vendor-agnostic best
practices, security controls, use cases
Customer implementation stories
Virtual community for sharing experiences and validation
Identity Defined Security Alliance
Resources
Use Case for Identity Defined Security:
Zero Trust
• Why?
• What?
• How?
Security increasingly “shows up” as part of
the technology stack
[Diagram: “Embedded” Security Services; Network, Device, Storage, Application, Compute]
How can we make identity and security
work better together?
[Diagram: Authentication, Authorization, Identity Governance & Administration; “Embedded” Security Services; Network, Device, Storage, Application, Compute]
Identity Defined Security:
“Human” Scenario
[Diagram: human, data; Authentication, Authorization, Identity Governance & Administration; Network, Device, Storage, Application, Compute]
Identity Defined Security:
“Server Process” Scenario
[Diagram: process, data; Authentication, Authorization, Identity Governance & Administration; Network, Device, Storage, Application, Compute]
Identity Defined Security:
“Device Process” Scenario
[Diagram: process, data; Authentication, Authorization, Identity Governance & Administration; Network, Device, Storage, Application, Compute]
Identity Defined Security:
Putting it all together...
[Diagram: human, process, process, data; Authentication, Authorization, Identity Governance & Administration; identities labelled “human”, “process”, “device”, “network”, “server”, “workload”, “disk”; Network, Device, Storage, Application, Compute]
Identity Defined Security Architecture
“Users” = Humans, Bots, Processes, Code
[Diagram labels: “Users”, Data, SECURITY, IDENTITY, and the components listed below]
Data Leakage Prevention (DLP)
Security Information & Event Management (SIEM…+UEBA…+SOAR)
Cloud Access Security Broker (CASB)
Online Fraud Detection (OFD)
Data Access Governance (DAG)
Privileged Access Management (PAM)
Access Management (AM)
Software Defined Perimeter (SDP)
Identity Governance & Administration (IGA)
Unified Endpoint Management (UEM)
Directory Services (DS)
CONTEXT, RISK, POLICY, WORKFLOW
[Diagram: Network; Client “Device” and Server/Service “Device”, each with Storage, Application, Compute, Other...]
Best Practices to Prepare for
Identity Defined Zero Trust
• Formalize authoritative source(s) for identity life cycle, attributes
and serialization
• Develop a scalable and sustainable directory, attribute and group
structure and process
• Identify sensitive data location, access and ownership
• Identify privileged accounts and entitlements
• Establish sources for identity context and risk
• Enhance security operations technology, training and process
with identity concepts/scope
Core Methods of Identity Defined Zero Trust
• Ensure all data, applications and infrastructure are accessed
securely, with authentication and access control matched to the
identities, privileges and context involved
• Govern identities and permissions with a least privileged access
strategy
• Log and analyze all user and process behaviors
• Apply an identity-specific approach to incident prioritization,
analysis, response and remediation
Identity Defined Security Controls
• AM+IGA: Synchronization of SSO Access Panel with Governance-driven Provisioning
• IGA+PAM: Lifecycle Provisioning/De-provisioning of Privileged Access
• AM+CASB: SSO through Proxy Server for Robust yet Transparent Auditing/Enforcement
• AM+UEM: Login Redirected for Unmanaged Device
• AM+UEM: Login Denied for Compromised Device
• AM+PAM: Step-up Authentication for Privileged Account Access
• AM+UEM+PAM: Login Denied for Compromised Device Accessing Privileged Account
• PAM+DS: Govern SSO and Authorization Policy for Privileged Access
• DLP+PAM: Privileged Session Termination upon Data Leakage Event
• SIEM/UEBA/SOAR+PAM: Privileged Session Management in Response to Security Incident
• SIEM/UEBA/SOAR+IGA: Identity Governance in Response to Security Incident
• IGA+PAM: Certification of Privileged Accounts
• IGA+DAG: Certification of Sensitive Data Access by Data Owner
Let’s pick a few
and apply to
Zero Trust...
ID Security Control xxx
AM+PAM: Step-up Authentication for Privileged Account
Access
• Integrate Components:
– Access Management + Privileged Access
Management
• What Happens:
– All logins to privileged accounts through
the PAM system require stepped-up
authentication
• Value to Organization:
– Significantly reduced risk of illegitimate use
of legitimate privileged accounts
– Zero Trust of password/key sharing
diligence, especially on system accounts
[Diagram: “Users”, Data; SECURITY, IDENTITY; CONTEXT, RISK, POLICY, WORKFLOW; Network, “Client”, “Service”; components shown: PAM, AM]
ID Security Control xxx
IGA+PAM: Lifecycle Provisioning/De-provisioning of Privileged
Access
• Integrate Components:
– Privileged Access Management + Identity
Governance
• What Happens:
– Changes in identity status trigger
automated changes to privileged accounts
• Value to Organization:
– Empower new privileged users faster and
eliminate inappropriate privileges
proactively, especially upon termination
– Zero Trust of “appropriate use”
discipline, especially concerning former
employees
[Diagram: “Users”, Data; SECURITY, IDENTITY; CONTEXT, RISK, POLICY, WORKFLOW; Network, “Client”, “Service”; components shown: PAM, IGA]
ID Security Control xxx
AM+UEM: Login Denied for Compromised Device
• Integrate Components:
– Access Management + Unified Endpoint
Management
• What Happens:
– AM checks UEM and denies login if device
in question has been flagged for indicators
of compromise
• Value to Organization:
– Stop lateral movements made easier by
compromised devices
– Zero Trust of device security
[Diagram: “Users”, Data; SECURITY, IDENTITY; CONTEXT, RISK, POLICY, WORKFLOW; Network, “Client”, “Service”; components shown: UEM, AM]
ID Security Control xxx
AM+UEM+PAM: Login Denied for Compromised Device
Accessing Privileged Account
• Integrate Components:
– Access Management + Unified Endpoint
Management
• What Happens:
– AM checks UEM and denies login if device
in question has been flagged for indicators
of compromise and the login target is a
privileged account
• Value to Organization:
– Stop lateral movement “payoffs” made
easier by compromised devices
– Zero Trust of device security, especially
concerning privileged account logins
[Diagram: “Users”, Data; SECURITY, IDENTITY; CONTEXT, RISK, POLICY, WORKFLOW; Network, “Client”, “Service”; components shown: PAM, AM, UEM]
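An added sketch, not part of the original deck or any IDSA material, of how one access decision point could combine the AM, UEM, PAM and IGA signals that the controls above describe. The class names, posture values, status strings and the account and device names are hypothetical, and the sample data is constructed.

```python
from dataclasses import dataclass, field
from enum import Enum


class Decision(Enum):
    ALLOW = "allow"
    STEP_UP = "step_up"    # AM+PAM: stepped-up authentication required
    REDIRECT = "redirect"  # AM+UEM: login redirected for unmanaged device
    DENY = "deny"


class Posture(Enum):  # hypothetical UEM device states
    HEALTHY = "healthy"
    COMPROMISED = "compromised"  # flagged for indicators of compromise


@dataclass(frozen=True)
class LoginRequest:
    user: str
    account: str              # login target
    device_id: str
    stepped_up: bool = False  # True once the AM has completed step-up auth


@dataclass
class PolicyDecisionPoint:
    device_posture: dict     # UEM view: device_id -> Posture
    privileged_grants: dict  # PAM view: privileged account -> set of users
    audit_log: list = field(default_factory=list)

    def evaluate(self, req: LoginRequest) -> Decision:
        posture = self.device_posture.get(req.device_id)  # None = unmanaged
        grants = self.privileged_grants.get(req.account)  # None = not privileged
        if posture is Posture.COMPROMISED:
            # AM+UEM, and AM+UEM+PAM when the target is privileged
            reason = "device flagged by UEM"
            if grants is not None:
                reason += ", privileged target"
            decision = Decision.DENY
        elif posture is None:
            decision, reason = Decision.REDIRECT, "device unknown to UEM"
        elif grants is not None and req.user not in grants:
            decision, reason = Decision.DENY, "no current PAM grant"
        elif grants is not None and not req.stepped_up:
            decision, reason = Decision.STEP_UP, "privileged account login"
        else:
            decision, reason = Decision.ALLOW, "policy satisfied"
        # Every decision is logged so that behavior can be analyzed later.
        self.audit_log.append(
            (req.user, req.account, req.device_id, decision.value, reason))
        return decision

    def on_identity_status_change(self, user, status, entitled=()):
        """IGA+PAM: an identity status change updates privileged grants.

        Returns the sorted list of accounts whose grants changed.
        """
        changed = []
        if status == "terminated":
            for account, users in self.privileged_grants.items():
                if user in users:
                    users.discard(user)
                    changed.append(account)
        elif status == "active":
            for account in entitled:
                self.privileged_grants.setdefault(account, set()).add(user)
                changed.append(account)
        return sorted(changed)


def demo():
    # Constructed sample data: two managed devices, one privileged account.
    pdp = PolicyDecisionPoint(
        device_posture={"laptop-1": Posture.HEALTHY,
                        "laptop-2": Posture.COMPROMISED},
        privileged_grants={"root@db01": {"alice"}},
    )
    requests = [
        LoginRequest("alice", "root@db01", "laptop-1"),
        LoginRequest("alice", "root@db01", "laptop-1", stepped_up=True),
        LoginRequest("alice", "root@db01", "laptop-2", stepped_up=True),
        LoginRequest("alice", "alice@mail", "laptop-2"),
        LoginRequest("alice", "alice@mail", "byod-9"),
        LoginRequest("bob", "root@db01", "laptop-1", stepped_up=True),
    ]
    results = [pdp.evaluate(r) for r in requests]
    revoked = pdp.on_identity_status_change("alice", "terminated")
    after = pdp.evaluate(
        LoginRequest("alice", "root@db01", "laptop-1", stepped_up=True))
    return results, revoked, after, pdp.audit_log


if __name__ == "__main__":
    for row in demo()[3]:
        print(row)
```

The device check runs first, so a completed step-up or a valid PAM grant never overrides a UEM compromise flag, and a terminated user loses privileged access even from a healthy device.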
Customer Resources
Adobe Finds ZEN Using Identity-Centric Security
“Working with the IDSA is a great opportunity to help
drive innovation across the tech industry with vendors
and solution providers alike. Adobe benefits through
exposure to vendors, use cases and community best
practices that help elevate and strengthen our identity
and security teams.”
-Den Jones, Director of Enterprise Security, Adobe
LogRhythm’s Journey to Zero Trust
Comment and Contribute
https://forum.idsalliance.org/

Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 

Identiverse Zero Trust Customer Briefing, Identiverse 2019

  • 2. Evolution of Identity and Its Impact
      Diagram labels: Employees; Employees and Partners; Consumers; Things; Perimeter; Federation; Perimeter-less; Cloud / SaaS; Mobility; Relationships; Attributes; Context; Stateless; API; AI; IT EFFICIENCY; IT COMPLIANCE; SECURITY; BUSINESS AGILITY; UX. Source: Optiv
  • 3. Enterprise Challenges
      • Cybersecurity is relentlessly, cumulatively challenging
      • Compromised identities are still the leading cause of breaches
          – “The exploitation of usernames and passwords by nefarious actors continues to be a ripe target…” ITRC 2018 End-of-Year Data Breach Report
      • Single vendor approaches are not working
  • 4. Foundation for a New Approach
      • Identity is a critical cybersecurity technology
      • Cybersecurity technologies must fundamentally work together if they are to achieve meaningful effectiveness
      • Every business transaction, attack surface or target involves a credential and a service or piece of data
      • Given the cumulative investment in security, each new investment is increasingly measured for its ability to make the whole more effective
  • 5. Benefits of Identity Defined Security
      • Steers the focus away from single point defense mechanisms to include a broader set of identity and security components
      • Delivers a fresh, balanced set of detective and preventive controls
      • Enables organizations to tackle security with a more precise, identity-aware and identity-specific approach
      • Leverages increasingly open and API-first tech stacks
      Diagram labels: “Users”; “Client”; Network; “Service”; Data; SECURITY (Security Service x..., Security Service y...); IDENTITY (Identity Service x..., Identity Service y...); CONTEXT, RISK, POLICY, WORKFLOW
  • 7. The Identity Defined Security Alliance is a non-profit organization that facilitates community collaboration to develop a framework and practical guidance that helps organizations put identity at the center of their security strategy.
  • 8. Identity Defined Security Alliance: Deliver on our mission through…
      • Cross vendor collaboration
      • Thought leadership through blogs, webinars, speaking
      • Identity Centric Security Framework - vendor-agnostic best practices, security controls, use cases
      • Customer implementation stories
      • Virtual community for sharing experiences and validation
  • 10. Use Case for Identity Defined Security: Zero Trust • Why? • What? • How?
  • 11. “Embedded” Security Services. Security increasingly “shows up” as part of the technology stack. Diagram labels: Network, Device, Storage, Application, Compute
  • 12. How can we make identity and security work better together? Diagram labels: Network, Device, Storage, Application, Compute; Authentication, Authorization, Identity Governance & Administration; “Embedded” Security Services
  • 13. Identity Defined Security: “Human” Scenario. Diagram labels: Network, Device, Storage, Application, Compute; human, data; Authentication, Authorization, Identity Governance & Administration
  • 14. Identity Defined Security: “Server Process” Scenario. Diagram labels: Network, Device, Storage, Application, Compute; process, data; Authentication, Authorization, Identity Governance & Administration
  • 15. Identity Defined Security: “Device Process” Scenario. Diagram labels: Network, Device, Storage, Application, Compute; process, data; Authentication, Authorization, Identity Governance & Administration
  • 16. Identity Defined Security: Putting it all together... Diagram labels: Network, Device, Storage, Application, Compute; human, process, data; Authentication, Authorization, Identity Governance & Administration; “human” identity, “process” identity, “device” identity, “network” identity, “server” identity, “workload” identity, “disk” identity
  • 17. Identity Defined Security Architecture
      “Users” = Humans, Bots, Processes, Code
      SECURITY and IDENTITY components:
      • Data Leakage Prevention (DLP)
      • Security Information & Event Management (SIEM…+UEBA…+SOAR)
      • Cloud Access Security Broker (CASB)
      • Online Fraud Detection (OFD)
      • Data Access Governance (DAG)
      • Privileged Access Management (PAM)
      • Access Management (AM)
      • Software Defined Perimeter (SDP)
      • Identity Governance & Administration (IGA)
      • Unified Endpoint Management (UEM)
      • Directory Services (DS)
      Diagram labels: Data; CONTEXT, RISK, POLICY, WORKFLOW; Network; Client “Device”; Server/Service “Device”; Storage, Application, Compute, Other... (for each device)
  • 18. Best Practices to Prepare for Identity Defined Zero Trust
      • Formalize authoritative source(s) for identity life cycle, attributes and serialization
      • Develop a scalable and sustainable directory, attribute and group structure and process
      • Identify sensitive data location, access and ownership
      • Identify privileged accounts and entitlements
      • Establish sources for identity context and risk
      • Enhance security operations technology, training and process with identity concepts/scope
  • 19. Core Methods of Identity Defined Zero Trust
      • Ensure all data, applications and infrastructure are accessed securely, with authentication and access control matched to the identities, privileges and context involved
      • Govern identities and permissions with a least privileged access strategy
      • Log and analyze all user and process behaviors
      • Apply an identity-specific approach to incident prioritization, analysis, response and remediation
  • 20. Identity Defined Security Controls
      • AM+IGA: Synchronization of SSO Access Panel with Governance-driven Provisioning
      • IGA+PAM: Lifecycle Provisioning/De-provisioning of Privileged Access
      • AM+CASB: SSO through Proxy Server for Robust yet Transparent Auditing/Enforcement
      • AM+UEM: Login Redirected for Unmanaged Device
      • AM+UEM: Login Denied for Compromised Device
      • AM+PAM: Step-up Authentication for Privileged Account Access
      • AM+UEM+PAM: Login Denied for Compromised Device Accessing Privileged Account
      • PAM+DS: Govern SSO and Authorization Policy for Privileged Access
      • DLP+PAM: Privileged Session Termination upon Data Leakage Event
      • SIEM/UEBA/SOAR+PAM: Privileged Session Management in Response to Security Incident
      • SIEM/UEBA/SOAR+IGA: Identity Governance in Response to Security Incident
      • IGA+PAM: Certification of Privileged Accounts
      • IGA+DAG: Certification of Sensitive Data Access by Data Owner
      Let’s pick a few and apply to Zero Trust...
  • 21. ID Security Control xxx. AM+PAM: Step-up Authentication for Privileged Account Access
      • Integrate Components:
          – Access Management + Privileged Access Management
      • What Happens:
          – All logins to privileged accounts through the PAM system require stepped-up authentication
      • Value to Organization:
          – Significantly reduced risk of illegitimate use of legitimate privileged accounts
          – Zero Trust of password/key sharing diligence, especially on system accounts
      Diagram labels: “Users”; “Client”; Network; “Service”; Data; SECURITY; IDENTITY; CONTEXT, RISK, POLICY, WORKFLOW; PAM; AM
  • 22. ID Security Control xxx. IGA+PAM: Lifecycle Provisioning/De-provisioning of Privileged Access
      • Integrate Components:
          – Privileged Access Management + Identity Governance
      • What Happens:
          – Changes in identity status trigger automated changes to privileged accounts
      • Value to Organization:
          – Empower new privileged users faster and eliminate inappropriate privileges proactively, especially upon termination
          – Zero Trust of “appropriate use” discipline, especially concerning former employees
      Diagram labels: “Users”; “Client”; Network; “Service”; Data; SECURITY; IDENTITY; CONTEXT, RISK, POLICY, WORKFLOW; PAM; IGA
  • 23. ID Security Control xxx. AM+UEM: Login Denied for Compromised Device
      • Integrate Components:
          – Access Management + Unified Endpoint Management
      • What Happens:
          – AM checks UEM and denies login if device in question has been flagged for indicators of compromise
      • Value to Organization:
          – Stop lateral movements made easier by compromised devices
          – Zero Trust of device security
      Diagram labels: “Users”; “Client”; Network; “Service”; Data; SECURITY; IDENTITY; CONTEXT, RISK, POLICY, WORKFLOW; UEM; AM
  • 24. ID Security Control xxx. AM+UEM+PAM: Login Denied for Compromised Device Accessing Privileged Account
      • Integrate Components:
          – Access Management + Unified Endpoint Management
      • What Happens:
          – AM checks UEM and denies login if device in question has been flagged for indicators of compromise and the login target is a privileged account
      • Value to Organization:
          – Stop lateral movement “payoffs” made easier by compromised devices
          – Zero Trust of device security, especially concerning privileged account logins
      Diagram labels: “Users”; “Client”; Network; “Service”; Data; SECURITY; IDENTITY; CONTEXT, RISK, POLICY, WORKFLOW; PAM; AM; UEM
  • 25. Customer Resources
      • Adobe Finds ZEN Using Identity-Centric Security
          “Working with the IDSA is a great opportunity to help drive innovation across the tech industry with vendors and solution providers alike. Adobe benefits through exposure to vendors, use cases and community best practices that help elevate and strengthen our identity and security teams.” - Den Jones, Director of Enterprise Security, Adobe
      • LogRhythm’s Journey to Zero Trust
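
The device and privilege controls on slides 20 to 24 (unmanaged-device redirect, compromised-device denial, step-up for privileged accounts, and the combined AM+UEM+PAM denial) can be read as one access decision made at login. The sketch below is an added example, not code from the deck or from the IDSA; the posture labels, device and account names, lookup tables and the `deny_any_compromised` switch are assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import Enum


class Decision(Enum):
    ALLOW = "allow"
    STEP_UP = "step-up"
    REDIRECT = "redirect"
    DENY = "deny"


@dataclass(frozen=True)
class LoginRequest:
    user: str
    device_id: str
    target_account: str
    mfa_completed: bool = False


# Constructed sample data standing in for UEM and PAM lookups (hypothetical).
UEM_POSTURE = {"laptop-01": "healthy", "laptop-02": "compromised"}
PAM_PRIVILEGED = {"root@db01", "svc-backup"}


def evaluate(req, uem=UEM_POSTURE, pam=PAM_PRIVILEGED, deny_any_compromised=True):
    """Return (Decision, control) so every outcome can be logged with its reason."""
    # A device the UEM has never seen is treated as unmanaged, never as healthy.
    posture = uem.get(req.device_id, "unmanaged")
    privileged = req.target_account in pam

    if posture == "compromised":
        if privileged:
            return Decision.DENY, "AM+UEM+PAM: compromised device, privileged account"
        if deny_any_compromised:  # slide 23 control enabled
            return Decision.DENY, "AM+UEM: compromised device"
    if posture not in ("healthy", "compromised"):
        # Unmanaged or unrecognised posture: send the user to enrolment.
        return Decision.REDIRECT, "AM+UEM: unmanaged device"
    if privileged and not req.mfa_completed:
        return Decision.STEP_UP, "AM+PAM: step-up required for privileged account"
    return Decision.ALLOW, "no control triggered"


if __name__ == "__main__":
    samples = [
        LoginRequest("alice", "laptop-01", "crm"),
        LoginRequest("alice", "laptop-01", "root@db01"),
        LoginRequest("bob", "laptop-02", "root@db01", mfa_completed=True),
        LoginRequest("carol", "byod-77", "crm"),
    ]
    for r in samples:
        print(r.user, r.device_id, r.target_account, *evaluate(r))
```

Setting `deny_any_compromised=False` models an organization that has deployed only the slide 24 control: a compromised device is still blocked from privileged accounts but not from ordinary ones.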